Consumerisation of IT and Bring Your Own Device (BYOD)

There is a remarkable convergence of consumer electronics with the Information Technology (IT) industry where the consumer devices and consumer applications are spreading to business. Employees are, without a doubt, bringing their own mobile devices and connecting them to the corporate network. IT departments often find themselves supporting an increasingly decentralised and mobile workforce comprised of various user segments, each with its own unique set of requirements. This shift has led to newly coined phrases such as “Consumerisation of IT” and “Bring Your Own Device (BYOD)” (Edwards, 2011). Traditionally, Information Technology has been viewed as an infrastructure required to support the operations of business, not that of the individual. Consumerisation of IT, though, initiated a paradigm shift that has now made IT relevant to individuals as well as business. In October of 2005, Gartner Analysts projected that the bulk of new technologies that organisations would adopt for their IT systems between 2007 and 2012 would have origins in

8884 5246 4753 3262 1774 ₁₄₂₅ 1221 1139 _{944 882} 1234 0000 2580 1111 5555 5683 0852 2222 1212 1998 F re q u e n cy

20

consumer applications (Pettey, 2005). The traditional boundaries between work and play are readily disappearing as the same devices that employees use for work are the same devices that they use for entertainment, thus transforming IT from a business tool to a social medium.

Unsurprisingly then, the applications and devices that workers request from their employers are increasingly becoming consumer-centric (Kane & Gray, 2012). Employees are becoming empowered to respond to consumers who have been empowered by groundswell technologies: mobile, social, video, and cloud (Schadler & Bernoff, 2010). The Forrester Research refers to these workers as highly empowered and resourceful operatives (HERO) as these are the type of employees that use consumer-centric applications to solve consumer problems at work. The HERO Index, as depicted in Figure 2-5, illustrates how the HERO workers compare to other information worker types.

Figure 2-5: The HERO Index (Schadler & Bernoff, 2010)

The term ‘disenfranchised employee’ refers to employees who just do their job with little innovation. Rogue employees, conversely, innovate through unauthorised applications to resolve consumer problems, often without receiving support from their employer. The remaining group, ‘Locked-Down Employees’, refers to people who are eager to resolve consumer problems but are hindered by corporate technology lock-down.

Forward-thinking companies are embracing their empowered employees and reviewing their mobile workforce strategies. Notwithstanding that reviewing a mobile workforce strategy often takes time because of budget approvals and IT leadership sign-off, the workforce is moving forward, with or without IT’s guidance and sign-off. In most cases, the drive to

21

operate with much-needed innovation and critical flexibility in the workforce far surpasses IT executive’s leadership and decision-making process (Kane & Gray, 2011).

The workforce and consumers are driving what they require from technology, so waiting for IT to keep up with innovation or to deliver on it is no longer an option. IT departments are known for adopting structured, well-controlled, and conventional approaches (e.g. SDLC: interview stakeholders, collect requirements, build a project plan, review it with the customer). While this approach is well-suited for internal infrastructure projects or for applications driven by a top-down business requirement, it is far from ideal for discretionary everyday use technologies like smartphone and employee portals. Indeed, this approach fails dismally in capturing requirements from a diverse workforce and consumers at large (Schadler, 2010).

An independent South African benchmarking exercise conducted with various companies by Wolfpack’s research team in Q4 of 2011, found that the organisations are already embracing the concept of BYOD by allowing multi-platform mobile devices to access corporate emails and calendars (Rosewarne, 2011).

Figure 2-6: Mobile Devices Allowed into the Corporate Network - A South African View (Rosewarne, 2011)

Figure 2-6 shows that only 1.14% of the surveyed companies blocked access to corporate emails and calendars, whereas 22.73% of the companies provided all platforms access to the corporate resources without implementing mobile device management solutions to monitor or control that access.

Checkpoint South Africa in partnership with ITWeb, conducted an online survey in late June of 2012, with a total of 231 people responding to the survey. The survey showed that 86% of the respondents’ organisations allow company-issued mobile devices to connect to the

60.23% 42.05% 32.95% 45.45% 29.55% 22.73% 1.14%

Blackberry or RIM platform Apple iOS platform Android platform Windows platform Symbian platform All platform access allowed - No centralised mobile…

22

network, and 77% of the respondents’ organisations allow personal mobile devices to connect to the corporate network. About 56% of the respondents use mobile devices to access web- based business applications, while a significant majority (98.45%) use mobile devices to access corporate emails, calendars and contacts. About 32% of the respondents use mobile devices to connect remotely to corporate desktops. Only 12%, however, admitted that mobile devices have led to an increase in the number of security incidents within their organisation. Along with consumerisation of mobile devices, came along consumerisation of cloud-based file sharing services such as Egnyte, iCloud, SugaSync, Skydrive, and Dropbox allowing employees to share files from any mobile device platform. While this service has the benefit of replacing on-premise file servers and reducing the costs associated with remote virtual private network (VPN) access, it exposes an organisation to severe information breaches (Disabato & Berenbaum, 2012). In July of 2012, passwords stolen from other websites were used to access several Dropbox accounts, one of which contained customer email addresses (Rash, 2012). The breach signifies that cloud-based file sharing systems still hinge on username and password to provide protection for information stored on the cloud.